Exploitation

Stages

The XML-RPC passes the XML element to PHP eval()--executing PHP code and providing the attacker with remote code execution.

Prerequisites

The attacker must be able to send crafted packets to the target system.

Alert Logic Coverage

Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.

The Network-Based Intrusion Detection System (IDS) has been updated with the new signatures for this exploit when detected via Alert Logic Threat Manager™. If this signature is detected, an incident is generated in the Alert Logic console.